Different channels need different fraud controls
Even without taking over someone’s accounts, fraudsters armed with stolen credit card data can wreak havoc through mobile payment channels. That’s because many merchants use the same fraud controls for mobile orders and desktop orders, even though the processes require different approaches.
Mobile checkout is often streamlined to reduce the amount of data shoppers have to key in. So, indicators like geolocation, device fingerprint and behavioral biometrics are needed to help spot mobile fraud without increasing false declines.
Merchants should also monitor fraud by channel, to see how much each channel contributes to total fraud losses. That can help with decisions about where to allocate their fraud-prevention budget.
Finally, merchants must ensure that their apps and websites don’t allow hackers in. Regular site scans for malware and unauthorized scripts can help detect “formjacking” attacks that silently steal customers’ payment data as they enter it. Mobile shopping apps should be developed with security best practices in mind. They should also be tested regularly for security vulnerabilities and updated as needed to keep customer data safe.
As fraud prevention providers, merchants and banks gather and leverage more data, it’s becoming possible to use analytics to spot large-scale, sophisticated attacks that can get past typical fraud filters.
For example, group analysis moves beyond analyzing individual orders for fraud flags and instead looks at batches. With group analysis, what looks like a series of good orders might be revealed to be a batch of fraudulent purchases using separate hijacked payment accounts from the same bank.
By implementing multiple layers of fraud-prevention tactics, prioritizing data security and adopting new fraud-detection methods as they emerge, merchants can protect themselves in two ways.
First, by reducing the incidence of ATO, CNP fraud and data theft, they reduce their fraud losses. Second, by making it difficult for fraudsters to succeed against them, they protect their customers’ data and encourage criminals to move on in search of other targets. That’s a security posture that benefits everyone now and will continue to deliver benefits once our current crisis is past.